GCP-backed DataOS Lakehouse¶
DataOS Lakehouse is a Resource that merges Apache Iceberg table format with cloud object storage, yielding a fully managed storage architecture that blends the strengths of data lakes and data warehouses.
The DataOS Lakehouse (GCP-backed) provides a secure, scalable, and cloud-native data storage and analytics layer built on Google Cloud Storage (GCS), using Apache Iceberg or Delta Lake as table formats. It can be used as a sink to store both batch and change data capture (CDC) pipelines in Nilus. It provides a unified data storage layer where structured and semi-structured data can be written and consumed downstream.
Connections to the GCP Lakehouse are managed only through DataOS Depot, which centralizes authentication and storage configuration. Nilus writes batch and CDC data to a DataOS Lakehouse (Iceberg), addressed by providing UDL as:
Prerequisites¶
The following configurations must be set up before using the GCP-backed DataOS Lakehouse:
Environment Variables¶
For GCP-backed Lakehouse, following environment variables must be configured (via Depot and Instance-Secret):
| Variable | Description |
|---|---|
TYPE |
Must be set to GCS |
DESTINATION_BUCKET |
GCS URL in format gs://<bucket>/<path> |
GCS_CLIENT_EMAIL |
Service account email |
GCS_PROJECT_ID |
GCP project ID |
GCS_PRIVATE_KEY |
Service account private key |
GCS_JSON_KEY_FILE_PATH |
Path to service account JSON key file |
METASTORE_URL |
(Optional) External metastore URL |
Info
Contact the DataOS Administrator or Operator to obtain configured Depot UDL and other required parameters.
Authentication Methods¶
Nilus supports two authentication methods for GCP:
- Service Account JSON Key File
- Standard GCP authentication method.
- JSON key must contain
private_key,client_email, andproject_id.
- HMAC Credentials(Hash-based Message Authentication Code)
GCS_ACCESS_KEY_ID: HMAC key IDGCS_SECRET_ACCESS_KEY: HMAC secret- Useful for S3-compatible access scenarios.
Required GCP Setup¶
- GCS Bucket
- Create the target bucket.
- Configure access control (IAM roles, ACLs).
- Enable versioning and lifecycle management as needed.
- Service Account
- Create service account.
- Generate JSON key file.
- Assign required roles:
roles/storage.objectViewerroles/storage.objectCreatorroles/storage.admin(if managing bucket metadata)
- Security
- Configure IAM policies.
- Rotate keys regularly.
- Enable audit logging for storage operations.
Sink configuration¶
# Example of CDC for MongoDB to DataOS Lakehouse
name: ncdc-mongo-test
version: v1
type: service
tags:
- service
- nilus-cdc
description: Nilus CDC Service for MongoDB to s3 Iceberg
workspace: public
service:
servicePort: 9010
replicas: 1
logLevel: INFO
compute: runnable-default
resources:
requests:
cpu: 1000m
memory: 536Mi
limits:
cpu: 1500m
memory: 1000Mi
stack: nilus:1.0
stackSpec:
source:
address: dataos://testingmongocdc
options:
engine: debezium #mandatory for CDC; no need for batch
collection.include.list: "sample.unnest"
table.include.list: "sandbox.customers" #mandatory; can point to multiple tables using comma-separated values
topic.prefix: "cdc_changelog" #mandatory; can be custom
max-table-nesting: "0"
transforms.unwrap.array.encoding: array
sink:
address: dataos://gcp_depot
options:
dest-table: retail
incremental-strategy: append
address– UDL of Lakehouse to write into.dest-table– targetschema.table(or table). (Table is optional for CDC service)incremental-strategy–append(typical for CDC).
Sink Attributes Details¶
| Option | Required | Description | Callouts |
|---|---|---|---|
dest-table |
yes | Destination table name in schema.table format |
|
incremental-strategy |
yes | Strategy for writes (append, replace, merge) |
Merge requires primary-key |
primary-key |
Required for merge | Column(s) used to deduplicate |